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Background 


• Many NASA projects use flexible architecture 
styles for 

- creating loosely coupled systems 

- minimizing future software change 

• Examples of such systems: 

- Goddard Mission Services Evolution Center (GMSEC) 

• A reusable framework for ground systems 

- Core Flight Software (CFS) 

• A reusable framework for flight systems 



Problem 
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• Increased flexibility of architectural styles 
decrease analyzability 

• Behavior emerges and varies depending on 
the configuration 

• Does the resulting system run according to 
the intended design? 

• What architectural decisions impede or facilitate 
testing? 
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Top Down Approach 


• Architecture analysis 

-focusing on critical components’ behavior data 
-visualizing architecture relevant events 
- drilling down to details as necessary 

• Detect defects and deviations 


- modeling, comparing planned vs. actual behavior 

• Architecture and its testability 



Fraunhofer 

Currently Targeted Projects: 
GMSEC and CFS 

• Reusable framework for ground and flight 
systems 

• GMSEC and CFS systems are running at 
FC-MD 

• Confirmed defects/violations reported in 
several papers 

>Some example results 
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Analyzing Software Architectures 




Software Bus 


Dynamic Save 



No static dependencies! 

-Astatic analysis is not sufficient 


New tool 



Goal 



Push/Pull 


Run-time Events difficult to analyze because 
There are too many low level events 


New tool can detect architecture 
relevant events and hide 6 
irrelevant information 
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Analyzing Runtime Events 



• Problems 


- different events are of 
interest 

- events can occur in 
any order 

- huge number of events 

- range between events 
might be very large 


cons true tor= java. io. PipedReader,instanc 
c ons true tor = java. io. PipedWriter,instanc 
constructors java. io. Pipe dRead^^ns tanc 
constructors java. io. Pipe dReade^^s tanc 
constructors java. io. PipedReader, ins'* 
cons true tor= java. io. PipedWriter,insta: 
methodname= j ava. io . PipedWriter . connect, 
methodnamesjava. io. PipedWriter . connect, 
c ons true to r = vl. SplitFi Iter, in^^C£id=n_ 
methodnamesjava. io. Pip edWrite^xonnect, 
cons true to r=vl . PassFilter , instanceid=ob 
methodnamesjava. io. PipedWriter . connect, 
cons true to r = vl .PassFilter, ins tanc e i d= ob 
cons true to r = vl . He r ge Fi 1 te r , ins tanc e i d= 
methodname=java.io. PipedReader. read, ca 
cons true tor= java. io.BufferedReader ,i*tfst 
methodname= j ava. io . Buf f eredReader . &4adL 
methodnamesjava. io. PipedReader. rey&d, cal 
methodnamesjava. io. Pipe dReade^Aad, cal 
methodname=java. io. PipedWrite^jrite,ca 
methodname=java. io. PipedWriter. write, ca 
methodnamesjava. io. PipedReader . read, cal 


points of 


interest 


Solutions: Goal-oriented data collection and 

a pattern recognition engine 
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Actual Architecture 


Recognitio 



Planned architectural styles: 

E.g. Pipe & Filter, Publish Subscribe 


Planned architectural 
style 


Runtime events 


Rules: 


Rules 



Filter: 

The constructor name of a Filter contains “Filter” 
Push: 

The callee of a method call is a “PipedWriter” 
instance, 

the name of the method is “write”, 
the caller is an Instance of Filter 


Architecture 

Recognition 



Actual architectural style 


Runtime events: 

init,timestamp=1 264620606308, constructors"! .MergeFilter,instanceid=obj578ceb 

call,timestamp=1 26462060631 7, methodname=java.io.PipedReader.read,callee=obj9ed927,caller=objfa7e74,argument=null 
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GMPUB in Dynamic SAVE 



am 

013 

ffi r 

ConnectionFactory : ConnectionFactory 

gmpub : gmpub 

Disconnect : Disconnect 




Connection : Connection 


Create 


1 



return Create 

_t 


Message information 
Including parameters 


<r-D 
— *□ 


Thousands of Messages! 


G ms 


111230900 


Publisher 

Where’s Subscriber? 


Timing information 


Connect 


return Connect 





CreateMessage 

subject = praec .test . publish B 







retum_CreateMessage 

subject = proec .test . publish B 







Publish 

subject = praec .test . publish B 







| retum_Publish j 


112A5Q505 m= 


145395053 ms 


149953432 ms 


151577505 ms 


159591335 ms 


171193009 ms 


This diagram was automatically created by Dynamic SAVE 
using run time information from GMSEC 

Problem: Much information, but GMSUB component that receives messages missing! 
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Sample output from new 

approach 



mm 

mm 

gmsub : gmsub 

gmpub : gmpub 


Only critical messages 
Visible, all else hidden 




g msec. test, publish 


g msec, testl. publish 


g msec. test2. publish 


g msec. test2. publish. . . 



0 ms 


4860184 ms 


5485404 ms 


5713924 ms 


Unexpected 

Duplicate 

message! 


Pattern engine matched 

pairs of messages and 

reduced the information significantly! 


This diagram will be automatically created by the new approach 
using the same run time information from GMSEC 
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Sample output from new 

approach ... 



/\ Connection port for publishingtothe software bus 
V Connection port for subscribing to the software bus 


This diagram will be semi-automatically created by the new approach 
using the same run time information from GMSEC 
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Taking message timing delay 

into account 


urn 


gmsub : gmsub 


T 


Timing is off! 






[qmsec-testl.puhlish | 





\ 

® , 


The slopes indicate 



message delays that may 
Impact behavior 




gmpub : 

gmpub 


0 ms 


4860184 ms 


5485404 ms 


5713924 ms 


This diagram will be automatically created by the new approach 
using the same run time information from GMSEC 
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Architecture and Testability - 

CFS Examples 

We analyze the CFS architecture and its 
unit testing architecture 


• Focus of the analysis: 

- What architectural decisions impede or 
facilitate testing? 
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Some Recommendations for 
improved testability 

• Modules should be programmed to 
abstract interfaces 

- mock implementations of interfaces for unit 
testing 

• Some internal details of modules should 
be public - cannot “hide” everything 

• Avoid using the same return code of 
functions for different scenarios 
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Abstract Interfaces and 
Testability - CFS example 



Software Bus (SB) 



linux/osapi . c 

rtems/osapi . c 

vxworks 6/osapi . c 

Test/ut osapi stubs. c 

int32 OS QueuePut ( . . . ) { 

int32 OS QueuePut ( . . . ) { 

int32 OS QueuePut ( . . . ) { 

int32 OS QueuePut (...) { 

. . . 



// Mock Implementation 

sendTo (...); 

rtems message queue send (...); 

msgQSend ( . . . ) ; 

} 

} 

} 

} 
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Open some internal details 

CFS example 


int32 CFE_ES_LoadLibrary ( char *EntryPoint, char *LibName, ...) { 

boolean LibSlotFound = FALSE; 

for ( i = 0; i < CFE_ES_MAX_LIBRARIES ; i++ ) { 

if ( CFE_ES_G lob al. Lib Table [i] .RecordUsed == FALSE ) { 

LibSlotFound = TRUE; 
break; 


} 


if (LibSlotFound 


FALSE) return CFE ES ERR LOAD LIB; 



/* Test for loading more than max number of libraries */ 
for (j= 0; j < CFE_ES_MAX_L IBRARI ES ; j++) { 

CFE_ES_Global.LibTable[j] .RecordUsed = TRUE; 

} 

Return = CFE_ES_LoadLibrary ("EntryPoint ", "LibName", ...) ; 

UT_Rep or t (Return == CFE_ES_ERR_LOAD_LIB , " CFE_ES_LoadLibrary ", 

"No free library slots") ; 
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Summary and Next Steps 

• We’re building a new approach that 

- helps understand, visualize, and validate 
software systems that use loosely coupled 
architecture styles 

- helps evaluating testability of the architecture 

• Next steps 

- refine software tools and method, apply also 
to other NASA systems 
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Acronyms 

• AFRL - Air Force Research Laboratory 

• APL - Applied Physics Laboratory 

• ARC - Ames Research Center 

• CESE - Center for Experimental Software 
Engineering 

• cFE - core Flight Executive 

• CFS - Core Flight Software 
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Acronyms (2) 

• CHIPS - Cosmic Hot Interstellar Plasma 
Spectrometer 

• CLARREO - Climate Absolute Radiance 
and Refractivity Observatory 

• COTS - Commercial Off-The-Shelf 

• DSILCAS - Distributed System Integrated 
Lab Communications Adapter Set 

• Dyn-SAVE - Dynamic SAVE 
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Acronyms (3) 

• GLAST - Gamma-ray Large Area Space 
Telescope 

• GMSEC - Goddard Mission Services 
Evolution Center 

• GOTS - Government Off-The-Shelf 

• GPM - Global Precipitation Measurement 

• GSFC - Goddard Space Flight Center 

• IV& V - Independent V & V 
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Acronyms (4) 

• JSC - Johnson Space Center 

• LADEE - Lunar Atmosphere and Dust 
Environment Explorer 

• LDCM - Landsat Data Continuity Mission 

• LRC - Langley Research Center 

• LRO - Lunar Reconnaissance Orbiter 

• MMOC - Multi-Mission Operations Center 

• MMS - Magnetospheric MultiScale 
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Acronyms (5) 



• MSFC - Marshall Space Flight Center 

• RBSP - Radiation Belt Storm Probes 

• SAVE - Software Architecture 
Visualization and Evaluation 

• SDO - Solar Dynamics Observatory 

• TRMM - Tropical Rainfall Measuring 
Mission 

• V & V - Verification and Validation 


22 


